Don’t panic! Twitter mass password reset was ‘mistake’ company admits

An emailed warning and enforced password reset sent out to Twitter users on Monday due to a supposed compromise of their accounts provoked much discussion among site users - before the company admitted the reset had been initiated by mistake.

The reset briefly ‘silenced’ parts of the social network when it was initiated yesterday, according to The Register’s report. The enforced reset locked users out of their account until they had initiated a password reset via a link on the site, according to CNET.

Users speculated that the email was a result of a massive attack on Twitter – and others warned that the email itself was a cyber attack, with one user posting, “If you get an email from twitter sayin you need to change your pass bc someones trying to hack you don’t do it from the email it’s a hacker.”

The initial email was vague as to the source of the compromise, saying, “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent accessing your account.”

The Register reports that affected users were quickly emailed by Twitter to say that the password reset had been initiated in error.

Twitter spokespeople admitted that the password reset had been initiated due to a ‘system error’. Speaking to CNET, Twitter said in a statement, “We unintentionally sent some password reset notices tonight due to a system error. We apologize to the affected users for the inconvenience.”

Re/Code reported that the number of users affected was “far less” than 1% of the site’s users. Anyone who received the email still has to go through the reset process.